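// https://syzkaller.appspot.com/bug?id=00b8bd6553d3f0e1d42566841a6d6346ffbecdaf
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Reproducer for the syzkaller report linked above. It is deliberately
// straight-line: every syscall argument is staged into fixed, pre-mapped
// addresses so the kernel sees byte-identical buffers on every run. The
// raw-address stores and the unchecked syscall() returns are the
// generator's idiom, not oversights; do not "clean up" this file into
// structs or helpers without re-checking that the exact byte layout the
// kernel receives is unchanged.
//
// NOTE(review): the archived copy of this file had the targets of its
// eight #include directives stripped, so it could not compile. The header
// list below is the set the syzkaller generator emits for this preamble;
// between them they cover every libc name used here (uint64_t/intptr_t,
// memcpy, sprintf, write, syscall, __NR_*).

#define _GNU_SOURCE  // keeps glibc extensions such as syscall() visible

#include <endian.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

// Fallback syscall numbers for a libc that does not define them. The
// values are the asm-generic table (used by e.g. arm64/riscv64); where
// the libc headers already define __NR_* those take precedence.
#ifndef __NR_ioctl
#define __NR_ioctl 29
#endif
#ifndef __NR_mmap
#define __NR_mmap 222
#endif
#ifndef __NR_mount
#define __NR_mount 40
#endif
#ifndef __NR_sendmsg
#define __NR_sendmsg 211
#endif
#ifndef __NR_socket
#define __NR_socket 198
#endif

// Resource table: r[0] receives the socket descriptor opened in main().
// It starts as (uint64_t)-1 so that, if socket() fails, the later ioctl
// still gets fd=-1 rather than some unrelated descriptor.
uint64_t r[1] = {0xffffffffffffffff};

int main(void)
{
  // Fixed address-space layout: an inaccessible (prot=0) page below, 16 MiB
  // of PROT_READ|PROT_WRITE|PROT_EXEC scratch at 0x20000000 where every
  // argument buffer lives, and an inaccessible page above. The flag value
  // 0x32 is MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE.
  syscall(__NR_mmap, /*addr=*/0x1ffff000ul, /*len=*/0x1000ul, /*prot=*/0ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1,
          /*offset=*/0ul);
  syscall(__NR_mmap, /*addr=*/0x20000000ul, /*len=*/0x1000000ul,
          /*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/ 7ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1,
          /*offset=*/0ul);
  syscall(__NR_mmap, /*addr=*/0x21000000ul, /*len=*/0x1000ul, /*prot=*/0ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1,
          /*offset=*/0ul);
  intptr_t res = 0;

  // Progress marker on stdout; the empty if-body only silences
  // warn_unused_result on write().
  if (write(1, "executing program\n", sizeof("executing program\n") - 1)) {
  }

  // struct msghdr staged at 0x20000180 (64-bit layout):
  //   msg_name=NULL, msg_namelen=0, msg_iov=0x20000000, msg_iovlen=2,
  //   msg_control=NULL, msg_controllen=0, msg_flags=0.
  *(uint64_t*)0x20000180 = 0;
  *(uint32_t*)0x20000188 = 0;
  *(uint64_t*)0x20000190 = 0x20000000;
  // iovec array at 0x20000000: iov[0] = {NULL, 0},
  // iov[1] = {0x20000580, 0x13c} -> the 316 fuzzer-chosen bytes below.
  *(uint64_t*)0x20000000 = 0;
  *(uint64_t*)0x20000008 = 0;
  *(uint64_t*)0x20000010 = 0x20000580;
  memcpy(
      (void*)0x20000580,
      "\xd4\xfa\x0c\x51\x1a\xad\x03\xaa\x5e\xd2\x17\x67\x7b\xc4\x1c\x02\x7d\x9c"
      "\x83\x0c\x43\x9c\x7f\x82\x1d\xdd\x78\xb6\x91\x5c\xb1\x70\xe7\x60\x3a\xcf"
      "\x9e\x43\x3c\x29\x03\xbb\x67\x73\xf4\xb0\x13\x06\x68\xa1\xe5\xb5\xe0\x8d"
      "\x21\xd0\xb6\x9c\x28\xca\x34\x55\xae\xd6\x58\x55\xc8\x6f\x3d\x1e\x57\x89"
      "\xd2\x63\x75\xa0\xd8\x5e\xaf\x5e\x92\xe1\x9c\x9a\xff\xcf\x76\xe7\xa9\x4e"
      "\x76\x55\x6d\x2b\x10\x4e\xbf\x64\x57\x47\xfa\xdc\x91\x46\x0f\x4b\x3c\x94"
      "\xe1\xa8\x9b\x51\xbe\x4a\x6a\xa4\xc6\x52\x85\xf9\x88\x32\x9a\x81\x63\xb6"
      "\x9c\x51\xb8\x01\x50\x0a\x5b\xac\xd0\x46\x39\x76\xe2\x96\x0e\x26\x79\xef"
      "\x2f\xee\xe5\xe6\xce\x6b\xb7\x8a\x51\xfb\x0e\x15\x82\x0d\x13\xe4\xa5\xaa"
      "\x9e\x07\x42\xa6\xf8\xd6\x77\xad\x28\xfe\xa3\x56\x65\x7b\xb5\x50\xc8\x31"
      "\x1b\x68\x2d\x90\x03\xc8\x22\x67\xa1\x5a\xa7\x33\x4b\xc5\x3b\x65\xb9\x11"
      "\x9a\x1a\x7d\x90\x5c\x7d\xd3\x65\xb8\x5c\x23\x0b\xba\xd0\xd5\xd0\xa7\x98"
      "\x19\xe1\x12\x63\x78\x19\xd9\xa1\x87\xcf\xdf\x78\x2c\x61\x27\xd2\xd4\x28"
      "\x19\x26\xab\x0e\x22\xf7\x34\x6b\x61\x6f\xe2\x8e\xd0\xb9\xf4\xa0\xc9\xfd"
      "\xac\x6d\x3a\x90\xa9\xc3\x8b\x5e\x31\x44\x8a\x45\x54\x63\x88\xc9\x50\x45"
      "\xbc\x22\xfe\x88\xc4\x3b\x82\xa0\xa5\xd3\xeb\x61\xc2\x38\xa5\x15\x9e\xa9"
      "\x8d\xb9\xc0\x0a\xee\xf6\x44\xae\x98\xa8\xcb\x8d\xff\xff\x3b\x7b\xa1\x4d"
      "\x79\x71\x91\x0b\x55\x96\x23\xaf\x82\x95",
      316);
  *(uint64_t*)0x20000018 = 0x13c;
  *(uint64_t*)0x20000198 = 2;
  *(uint64_t*)0x200001a0 = 0;
  *(uint64_t*)0x200001a8 = 0;
  *(uint32_t*)0x200001b0 = 0;
  // fd=-1 is not a valid descriptor, so this sendmsg fails; it is kept
  // because the generator replays the original program verbatim. As with
  // every call here except socket(), the return value is intentionally
  // not inspected.
  syscall(__NR_sendmsg, /*fd=*/-1, /*msg=*/0x20000180ul, /*f=*/0ul);

  // Overwrite the head of the payload buffer with three formatted values of
  // -1 at consecutive offsets (18 + 18 + 20 chars, then a NUL), producing the
  // 56-character string "0xffffffffffffffff0xffffffffffffffff" followed by
  // "18446744073709551615". This is the generator's way of emitting a
  // resource value it could not resolve; the result becomes the mount
  // options string.
  sprintf((char*)0x20000580, "0x%016llx", (long long)-1);
  sprintf((char*)0x20000592, "0x%016llx", (long long)-1);
  sprintf((char*)0x200005a4, "%020llu", (long long)-1);
  // src, dst and type are all NULL; only opts points at the buffer above.
  // Presumably this call fails in the kernel's argument copy; kept as
  // generated.
  syscall(__NR_mount, /*src=*/0ul, /*dst=*/0ul, /*type=*/0ul, /*flags=*/0ul,
          /*opts=*/0x20000580ul);

  // socket(AF_NETLINK /*0x10*/, SOCK_RAW /*3*/, NETLINK_GENERIC /*0x10*/).
  // This is the only return value that is checked: a real descriptor
  // replaces the -1 default in r[0].
  res = syscall(__NR_socket, /*domain=*/0x10ul, /*type=*/3ul, /*proto=*/0x10);
  if (res != -1)
    r[0] = res;

  // Stage an interface-name argument: "wlan1" padded with NULs to 16 bytes
  // (the size of the ifr_name field) at 0x20000000. This reuses the region
  // that held iov[0], which sendmsg is already done with.
  memcpy((void*)0x20000000,
         "wlan1\000\000\000\000\000\000\000\000\000\000\000", 16);
  // cmd 0x8b18 lies in the wireless-extensions ioctl range (SIOCSIWSCAN;
  // confirm against <linux/wireless.h>) and is issued on the netlink socket
  // from above (or fd=-1 if that failed), with arg pointing at the struct
  // whose first field is the interface name set just above.
  syscall(__NR_ioctl, /*fd=*/r[0], /*cmd=*/0x8b18, /*arg=*/0x20000000ul);
  return 0;
}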